1 / 15

Computer Forensics

2001 National Sheriffs’ Association Conference Emerging Computer Issues for 21st Century Law Enforcement SSA Dara K. Sewell Computer Analysis Response Team. Computer Forensics. Application of science and engineering to the legal problem of digital evidence. Latent evidence

kato-blanchard
Download Presentation

Computer Forensics

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 2001 National Sheriffs’ Association ConferenceEmerging Computer Issues for 21st Century Law EnforcementSSA Dara K. SewellComputer Analysis Response Team

  2. Computer Forensics • Application of science and engineering to the legal problem of digital evidence. • Latent evidence • Requires expertise, training and tools

  3. Computer Forensics Evidence Lab

  4. A Pile of Hard Disks as Evidence

  5. Computers in Crime • White Collar Crime • Wire Fraud • Bank Fraud • Health Care Fraud • Intellectual Property • Violent Crime • Kidnapping • Extortion • Crimes Against Children • Organized Crime • Drugs • Gambling • National Infrastructure Protection • Computer Intrusions • Technical Support for Other Crimes • IP for Telecommunication, Energy, Oil &Gas Storage, Banking & Finance, Water, Emergency Services & Government Operations • Domestic Terrorism • Attempts Or Actual Bombing • Cases Involving Threats • RICO Terrorism • Weapons of Mass Destruction

  6. Computer Crimes • E-mail Extortion Threats • On-line Child Pornography • On-line Gambling • Offshore Money Laundering Websites • Organized Crime • Cyber-Terrorism • Infrastructure Attacks • Hate Crimes On-line Threats/Stalking On-line Narcotic Sales Computer Component Theft Viruses/Worms Telecommunication Fraud Chip Fraud Counterfeiting Securities Fraud Is the computer a tool, target, or storage medium?

  7. Computer Analysis Response TeamResponsible for all Digital Related Evidence Acquisition • DOS • Safeback Image Examination • FBI approved DOS tools to validate results. Presentation • HTM format

  8. FBI Basic Digital Evidence Training & Certification A+ Certification (2 wks) Basic Forensics (1wk) FBI Forensic Process Boot Camp (1wk) Moot Court Boot Camp (1wk) Elective Training (2wk) Mentoring Process 5 Searches & 5 Examination Annual Assessment Test Cost Approximately $10,000 • Yearly update training • FBI Advance Training (1wk) • Elective Training (2wk) • Technical Conference (1wk) • Cost Approximately $7600

  9. FBI Digital Evidence Processing Equipment • Desktop • SCSI Card, • CDROM • 2 Hard Drive • Removable drive bays • 512 MB Ram • Laptop (Extra Hard Drive) • CDRW • Magneto Optical Drive • Tape Drive • Printer • Palm Pilot • Travel Cases • Cables • Cost Approximately $25,000 • Yearly upgrade cost approximately $12,500 • Yearly Supply Budget for expendable items • Hard Drives • CDROM (Only) • Magneto Opticals • Zips • Jaz • Tapes • Floppy Disks

  10. Specialized Training • Macintosh • HFS and HFS Plus File systems • Linux • Ext 2 file system • Basic Forensics/Advanced Forensics • ACES-Automated Computer Examination System • Windows NT • Network System Administration (Commercial) • CNA/CNE • MCSE

  11. Lab Structure • Multi-agency • Multi-jurisdictional • Both sworn and non-sworn law enforcement personnel. • Organized Separation of Duties: • imaging, analysis, and research and development functions. • Rotate examiners between these assignments, allowing each to develop a variety of skills. • Data Storage procedures

  12. Regional Computer Forensic Laboratories - RCFL • San Diego, CA • 17 Members • 7 Police Departments • San Diego District Attorney’s Office • Navel Criminal Investigative Service • DEA • US Customs Service • Defense Criminal Investigative Service • FBI • Dallas, TX • 14 Members • 9 Police Departments • Attorney General’s Office • FBI

  13. RCFL Expansion • FBI Affiliate RCFL (Comply with FBI Standards) • FBI CART Training • FBI Protocol • FBI CART Certified (Quality Assurance/Quality Control) • All examiners can work FBI case • Others • Only FBI examiners will work FBI cases • FBI Funded RCFL • 3-6 in the next 2 years • Starting October 2001 • FBI CART Training • FBI Protocol • FBI CART Certified (Quality Assurance/Quality Control) • All examiners can work FBI case

  14. New Technology

  15. Thanks to: Dara K. SewellSupervisory Special AgentFederal Bureau of InvestigationUnited States Department of JusticeQuantico, VA

More Related